CFS 105 Digital Security Chapter 2 Toolbox Authentication, Access Control, and Cryptography

1
SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 2: Toolbox: Authentication, Access
Control, and Cryptography
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
2
Objectives for Chapter 2

Survey authentication mechanisms
List available access control implementation options
Explain the problems encryption is designed to solve
Understand the various categories of encryption tools as
well as the strengths, weaknesses, and applications of
each
Learn about certificates and certificate authorities
3
Authentication
The act of proving that a user is who she says
she is
Methods:
Something the user knows
Something the user is
Something user has
4
Something You Know

Passwords
Security questions
Attacks on something you know:
Dictionary attacks
Inferring likely passwords/answers
Guessing
Defeating concealment
Exhaustive or brute-force attack
Rainbow tables
5
Distribution of Password Types

One character
0%
Other good Two characters
passwords 2%
14% Three characters
14%
Words in
dictionaries or
lists of names Four characters,
15% all letters
14%
Six letters,
lowercase Five letters,
19% all same case
22%
6
Password Storage
Plaintext Concealed
7
Biometrics: Something You Are
8
Problems with Biometrics

Intrusive
Expensive
Single point of failure
Sampling error
False readings
Speed
Forgery
9
Tokens: Something You Have

Time-Based Token Authentication
Login: mcollings
Passcode: 2468159759
PASSCODE PIN TOKENCODE
Token code: Clock
Changes every synchronized to
60 seconds UCT
Unique seed
10
Federated Identity Management

Identity Manager
User (performs Authenticated
authentication) Identity
Application Application
(no authentication) (no authentication)
Application
(no authentication)
11
Single Sign-On
User Single Sign-On Identification and
Shell Authentication
Credentials
Password Token
Authentication Authentication Authentication
Application Application
Application
12
Access Control
13
Access Policies
Goals:
Check every access
Enforce least privilege
Verify acceptable usage
Track users access
Enforce at appropriate granularity
Use audit logging to track accesses
14
Implementing Access Control

Reference monitor
Access control directory
Access control matrix
Access control list
Privilege list
Capability
Procedure-oriented access control
Role-based access control
15
Reference Monitor
16
Access Control Directory

User A Directory Files User B Directory
Access File Access File
File Name Rights Pointer File Name Rights Pointer
PROG1. C ORW BIBLIOG R
PROG1.EXE OX TEST.TMP OX
BIBLIOG ORW PRIVATE ORW
HELP.TXT R HELP.TXT R
TEMP ORW
17
Access Control Matrix
18
Access Control List

Directory Access Lists Files
Access List Access
File Pointer User Rights
BIBLIOG
BIBLIOG USER_A ORW
TEMP USER_B R
USER_S RW
F TEMP
HELP.TXT USER_A ORW
F
USER_A ORW
USER_S R
USER_A R HELP.TXT
USER_B R
USER_S R
USER_T R
SYSMGR RW
USER_SVCS O
19
Problems Addressed by Encryption

Suppose a sender wants to send a message to a
recipient. An attacker may attempt to
Block the message
Intercept the message
Modify the message
Fabricate an authentic-looking alternate message
20
Encryption Terminology
Sender
Recipient
Transmission medium
Interceptor/intruder
Encrypt, encode, or encipher
Decrypt, decode, or decipher
Cryptosystem
Plaintext
Ciphertext
21
Encryption/Decryption Process
Key Key
(Optional) (Optional)
Original
Plaintext Encryption Ciphertext Decryption
Plaintext
22
Symmetric vs. Asymmetric

Key
Original
Plaintext
(a) Symmetric Cryptosystem
Encryption Decryption
Key Key
Original
Plaintext
(b) Asymmetric Cryptosystem
23
Stream Ciphers
Key
(Optional)
ISSOPMI wdhuw
Plaintext Encryption Ciphertext
24
Block Ciphers
Key
(Optional)
.. XN OI TP ES
Plaintext IH Ciphertext
Encryption
po
ba
qc
kd
em
..
25
Stream vs. Block
26
DES: The Data Encryption Standard

Symmetric block cipher
Developed in 1976 by IBM for the US National Institute of
Standards and Technology (NIST)
27
AES: Advanced Encryption System

Symmetric block cipher
Developed in 1999 by
independent Dutch
cryptographers
Still in common use
28
DES vs. AES
29
Public Key (Asymmetric) Cryptography

Instead of two users sharing one secret
key, each user has two keys: one public
and one private
Messages encrypted using the users
public key can only be decrypted using the
users private key, and vice versa
30
Secret Key vs. Public Key Encryption
31
Public Key to Exchange Secret Keys
1 Bill, give me your public key
Here is my key, Amy 2
3 Here is a symmetric key we can use
32
Key Exchange Man in the Middle
Bill, give me
1
your public key
1a No, give it to me
Here is my key, Amy 2
Here is the middles key 2a
3 Here is the symmetric k ey
3a Here is another symmetric k ey
33
Error Detecting Codes

Demonstrates that a block of data has been modified
Simple error detecting codes:
Parity checks
Cyclic redundancy checks
Cryptographic error detecting codes:
One-way hash functions
Cryptographic checksums
Digital signatures
34
Parity Check
35
One-Way Hash Function
M
Encrypted for
authenticity
Hash
function
Message
digest
36
Digital Signature
Mark only Mark fixed

the sender to
can make document
Authentic Unforgeable
37
Certificates: Trustable Identities and Public Keys
A certificate is a public key and an identity

bound together and signed by a certificate
authority.
A certificate authority is an authority that
users trust to accurately verify identities
before generating certificates that bind
those identities to keys.
38
Certificate Signing and Hierarchy

To create Dianas certificate: To create Delwyns certificate:
Diana creates and delivers to Edward: Delwyn creates and delivers to Diana:
Name: Diana Name: Delwyn
Position: Division Manager Position: Dept Manager
Public key: 17EF83CA ... Public key: 3AB3882C ...
Edward adds: Diana adds:

Name: Diana hash value Name: Delwyn hash value
Position: Division Manager 128C4 Position: Dept Manager 48CFA
Edward signs with his private key: Diana signs with her private key:
Name: Diana hash value Name: Delwyn hash value
Position: Division Manager 128C4 Position: Dept Manager 48CFA
Which is Dianas ce rtificate. And appends her certificate:

Name: Delwyn hash value
Position: Dept Manager 48CFA
Public key: 3AB3882C ...
Name: Diana hash value
Position: Division Manager 128C4
Public key: 17EF83CA ...
Which is Delwyns certificate.
39
Cryptographic Tool Summary
40
Summary
Users can authenticate using something they know,
something they are, or something they have
Systems may use a variety of mechanisms to implement
access control
Encryption helps prevent attackers from revealing,
modifying, or fabricating messages
Symmetric and asymmetric encryption have
complementary strengths and weaknesses
Certificates bind identities to digital signatures

CFS 105 Digital Security Chapter 2 Toolbox Authentication, Access Control, and Cryptography

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CFS 105 Digital Security Chapter 2 Toolbox Authentication, Access Control, and Cryptography

Uploaded by

Copyright:

Available Formats

1

Objectives for Chapter 2

Something You Know

Distribution of Password Types

Biometrics: Something You Are

Problems with Biometrics

Tokens: Something You Have

Federated Identity Management

Authentication Authentication Authentication

Implementing Access Control

Access Control Directory

PROG1. C ORW BIBLIOG R

BIBLIOG ORW PRIVATE ORW

Access Control Matrix

Access Control List

HELP.TXT USER_A ORW

Problems Addressed by Encryption

Symmetric vs. Asymmetric

(a) Symmetric Cryptosystem

(b) Asymmetric Cryptosystem

Stream vs. Block

DES: The Data Encryption Standard

AES: Advanced Encryption System

DES vs. AES

Public Key (Asymmetric) Cryptography

Secret Key vs. Public Key Encryption

Public Key to Exchange Secret Keys

1 Bill, give me your public key

Here is my key, Amy 2

3 Here is a symmetric key we can use

Key Exchange Man in the Middle

Here is my key, Amy 2

Here is the middles key 2a

3 Here is the symmetric k ey

3a Here is another symmetric k ey

Error Detecting Codes

One-Way Hash Function

Mark only Mark fixed

Certificates: Trustable Identities and Public Keys

A certificate is a public key and an identity

Certificate Signing and Hierarchy

Edward adds: Diana adds:

Which is Dianas ce rtificate. And appends her certificate:

Which is Delwyns certificate.

Cryptographic Tool Summary

You might also like